English
Related papers

Related papers: Leveraging Code Cohesion Analysis to Identify Sour…

200 papers

Package managers have become a vital part of the modern software development process. They allow developers to reuse third-party code, share their own code, minimize their codebase, and simplify the build process. However, recent reports…

Cryptography and Security · Computer Science 2020-12-03 Ruian Duan , Omar Alrawi , Ranjita Pai Kasturi , Ryan Elder , Brendan Saltaformaggio , Wenke Lee

Open-source software supply chain attacks aim at infecting downstream users by poisoning open-source packages. The common way of consuming such artifacts is through package repositories and the development of vetting strategies to detect…

Cryptography and Security · Computer Science 2022-10-11 Piergiorgio Ladisa , Henrik Plate , Matias Martinez , Olivier Barais , Serena Elisa Ponta

Consistency is one of the keys to maintainable source code and hence a successful software project. We propose a novel method of extracting the intent of programmers from source code of a large project (~300kLOC) and checking the semantic…

Software Engineering · Computer Science 2022-03-21 Yusuke Shinyama , Yoshitaka Arahori , Katsuhiko Gondow

Memory corruption errors in C/C++ programs remain the most common source of security vulnerabilities in today's systems. Control-flow hijacking attacks exploit memory corruption vulnerabilities to divert program execution away from the…

Cryptography and Security · Computer Science 2019-11-26 Nathan Burow , Scott A. Carr , Joseph Nash , Per Larsen , Michael Franz , Stefan Brunthaler , Mathias Payer

Due to the growing number of cyber attacks against computer systems, we need to pay special attention to the security of our software systems. In order to maximize the effectiveness, excluding the human component from this process would be…

Cryptography and Security · Computer Science 2021-05-18 Tamás Viszkok , Péter Hegedűs , Rudolf Ferenc

The Software Supply Chain (SSC) has captured considerable attention from attackers seeking to infiltrate systems and undermine organizations. There is evidence indicating that adversaries utilize Social Engineering (SocE) techniques…

Protecting software supply chains from malicious packages is paramount in the evolving landscape of software development. Attacks on the software supply chain involve attackers injecting harmful software into commonly used packages or…

Cryptography and Security · Computer Science 2024-02-13 S. Halder , M. Bewong , A. Mahboubi , Y. Jiang , R. Islam , Z. Islam , R. Ip , E. Ahmed , G. Ramachandran , A. Babar

In Go, the widespread adoption of open-source software has led to a flourishing ecosystem of third-party dependencies, which are often integrated into critical systems. However, the reuse of dependencies introduces significant supply chain…

Cryptography and Security · Computer Science 2025-09-05 Carmine Cesarano , Vivi Andersson , Roberto Natella , Martin Monperrus

Context: Code coverage is widely used as a software quality assurance measure. However, its effect, and specifically the advisable dose, are disputed in both the research and engineering communities. Prior work reports only correlational…

Software Engineering · Computer Science 2026-02-04 Lukas Schulte , Gordon Fraser , Steffen Herbold

Identifying recurring vulnerabilities is crucial for ensuring software security. Clone-based techniques, while widely used, often generate many false alarms due to the existence of similar but patched (SBP) code, which is similar to…

Software Engineering · Computer Science 2026-02-10 Zixuan Tan , Jiayuan Zhou , Xing Hu , Shengyi Pan , Kui Liu , Xin Xia

Increasing numbers of software vulnerabilities are discovered every year whether they are reported publicly or discovered internally in proprietary code. These vulnerabilities can pose serious risk of exploit and result in system…

The NPM ecosystem has become a primary target for software supply chain attacks, yet existing detection tools are evaluated in isolation on incompatible datasets, making cross-tool comparison unreliable. We conduct a benchmark-driven…

Software Engineering · Computer Science 2026-03-31 Wenbo Guo , Zhongwen Chen , Zhengzi Xu , Chengwei Liu , Ming Kang , Shiwen Song , Chengyue Liu , Yijia Xu , Weisong Sun , Yang Liu

In recent years, defect prediction has received a great deal of attention in the empirical software engineering world. Predicting software defects before the maintenance phase is very important not only to decrease the maintenance costs but…

Software Engineering · Computer Science 2018-08-31 Ahmet Okutan

With the wave of high-profile supply chain attacks targeting development and client organizations, supply chain security has recently become a focal point. As a result, there is an elevated discussion on securing the development environment…

We consider the task of mapping pseudocode to long programs that are functionally correct. Given test cases as a mechanism to validate programs, we search over the space of possible translations of the pseudocode to find a program that…

Machine Learning · Computer Science 2019-06-13 Sumith Kulal , Panupong Pasupat , Kartik Chandra , Mina Lee , Oded Padon , Alex Aiken , Percy Liang

Identifying security issues early is encouraged to reduce the latent negative impacts on software systems. Code review is a widely-used method that allows developers to manually inspect modified code, catching security issues during a…

Software Engineering · Computer Science 2024-05-10 Wachiraphan Charoenwet , Patanamon Thongtanunam , Van-Thuan Pham , Christoph Treude

Automated detection of vulnerability-fixing commits (VFCs) is critical for timely security patch deployment, as advisory databases lag patch releases by a median of 25 days and many fixes never receive advisories. We present a comprehensive…

Software Engineering · Computer Science 2026-05-14 Nils Loose , Joseph Bienhüls , Kristoffer Hempel , Felix Mächtle , Thomas Eisenbarth

Code protections aim at blocking (or at least delaying) reverse engineering and tampering attacks to critical assets within programs. Knowing the way hackers understand protected code and perform attacks is important to achieve a stronger…

Software Engineering · Computer Science 2017-05-29 Mariano Ceccato , Paolo Tonella , Cataldo Basile , Bart Coppens , Bjorn De Sutter , Paolo Falcarin , Marco Torchiano

Using open-source dependencies is essential in modern software development. However, this practice implies significant trust in third-party code, while there is little support for developers to assess this trust. As a consequence, attacks…

Software Engineering · Computer Science 2025-09-08 Raphina Liu , Sofia Bobadilla , Benoit Baudry , Martin Monperrus

The lack of reliable sources of detailed information on the vulnerabilities of open-source software (OSS) components is a major obstacle to maintaining a secure software supply chain and an effective vulnerability management process.…

Cryptography and Security · Computer Science 2025-03-18 Antonino Sabetta , Michele Bezzi